Home > Vulnerability Database > CVE-2025-47941

Mend.io Vulnerability Database

CVE-2025-47941

Good to know:

Date: May 20, 2025

TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient enforcement of access restrictions on all backend routes. Successful exploitation requires valid backend user credentials, as MFA can only be bypassed after successful authentication. Users should update to TYPO3 version 12.4.31 LTS or 13.4.12 LTS to fix the problem.

Severity Score

7.2

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-47941

Url: https://github.com/TYPO3/typo3/security/advisories/GHSA-744g-7qm9-hjh9

Url: https://typo3.org/security/advisory/typo3-core-sa-2025-015

Url: https://github.com/TYPO3-CMS/backend/commit/034f589029952084771c5f98d42ed0f69f9a7ead

Url: https://github.com/TYPO3-CMS/backend

Url: https://www.mend.io/vulnerability-database/CVE-2025-47941

Severity Score

7.2

Weakness Type (CWE)

Authentication Bypass Using an Alternate Path or Channel

CWE-288

Top Fix

Upgrade Version

Upgrade to version https://github.com/TYPO3-CMS/backend.git - v13.4.12;https://github.com/TYPO3-CMS/backend.git - v12.4.31

Learn More

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-47941

Good to know:

Date: May 20, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?